Privacy Policy

Last update:  7. December 2023

Thank you for your interest in the information on our website!

With the help of this Privacy Policy we would like to inform the users of our website about the type, scope and purpose of the personal data processed. Personal data in this context is all information that can be used to personally identify you as a user of our website (theoretically in an alternative way or by linking various data), including your IP address. Information that is stored in cookies is generally not or only in exceptional cases personally identifiable; however, cookies are covered by specific regulations that makes the permissibility of the use of cookies dependent on their purpose to a large extent on the active consent of the user.

In a general section of this Privacy Policy, we provide you with information on data protection, which generally applies to our processing of data, including data collection on our website. In particular, you as a data subject will be informed about the rights to which you are entitled.

The terms used in our Privacy Policy and our data protection practice are based on the provisions of the EU General Data Protection Regulation ("GDPR") and other relevant national legal provisions.

Controller according to the GDPR

ASAP Stamps Ltd t/a Blade Rubber Stamps
FN 05604906
30 Oak Street
S8 9UB Sheffield
United Kingdom

t: 020 7831 4123 

Data collection on our website

On the one hand, personal data is collected from you when you expressly communicate such data to us, on the other hand, data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions without errors. Other data may be used for analysis purposes. However, you can use our website without a need to provide personal information.

Technologies on our website

Cookies and Local Storage

We use cookies to make our website as user-friendly and functional as possible for you. Some of these cookies are stored on the device you use to access the site. 

Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device. 

The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”).  The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device. 

Cookies contain the following information:

We classify cookies in the following categories depending on their purpose and function:  

Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.

The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website as described in Art. 6 paragraph 1 lit. f of the GDPR. The use of statistics and marketing cookies is subject to your consent, in accordance with Art. 6 paragraph 1 lit. a of the GDPR.  You can withdraw your consent for the future use of cookies at any time in accordance with Art. 7 paragraph 3 of the GDPR.  Your consent is voluntary. If consent is not given, no disadvantages arise. For more information about the cookies we actually use (specifically, their purpose and lifespan), refer to this Privacy Policy and to the information in our cookie banner about the cookies we use.

You can also set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this.
Please note that a general deactivation of cookies may lead to functional restrictions on our website. 

On our website, we also use so-called local storage functions (also called "local data"). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser - as long as you do not delete the cache or data is stored within the session storage. 

Third parties cannot access the data stored in the local storage. If special plug-ins or tools use the local storage functions, you are informed within the description of the respective plug-in or tool. 

If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA),
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Data processed: IP address, language settings, screen resolution, version and name of browser.
Data subjects: website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Further information:

To display fonts consistently, our website uses Web Fonts which are provided by Google. 

To display web fonts, the web browser you use must connect with a Google server. This informs Google that our website is being accessed via your IP address. The IP address from the browser of the device you are using to access our site is also stored by Google. If your browser does not support Web Fonts, your device will display the site using a standard font type. With each Google Font request, your IP address is automatically transferred to a Google server along with information such as your language preferences, display resolution, version and name of your browser. The usage data collected by Google enables them to determine the popularity of specific font types. Google publishes these findings on internal analytics sites (e.g. Google Analytics).

Google Fonts enables us to use fonts on our own website without uploading them to our server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimized for the web. This reduces the data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size allows for quicker loading times. Furthermore, Google Fonts are secure Web Fonts that support all major browsers.  

Google stores requests for CSS assets for one day on its servers. This enables us to use the fonts with the support of a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support ( ).

Google reCAPTCHA

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA),
Purpose: Protection against Misuse, Spam Prevention
Category: Technically Required
Recipients: EU, USA
Data processed: IP Address, Website Visit Details
Data subjects: User
Technology: JavaScript Call, Cookies, Local Storage
Legal basis: Legitimate Interest, Data Privacy Framework,
Further information:
Here you can find out where exactly Google data centers are located:

On our website, the Google reCAPTCHA service is used to protect against abuse by non-human visitors (bots) and to prevent spam.

When reCAPTCHA is started, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via a user's IP address.

The purpose of reCAPTCHA is to verify whether the data entry on our website is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the user's behavior based on various characteristics. This analysis begins automatically as soon as the user starts our website. For the analysis, reCAPTCHA evaluates various information.

According to our information, the following data is processed by Google:

The data collected during the analysis is forwarded to and used by Google. The reCAPTCHA analyses run entirely in the background.

Cookies are used for the processing of the service.  These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services, unless a user is logged into his Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user's device to store data.


In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website as described under Art. 6 paragraph 1 lit. f of the GDPR. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing in accordance with art. 28 of the GDPR.


Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations in accordance with Art. 6 paragraph 1 lit. b of the GDPR. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing as described in Art. 6 paragraph 1 lit. f of the GDPR.

We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.


Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent Company: Meta Platforms, Inc (USA).
Purpose: Web Analysis, Tracking (Conversion)
Category: Marketing
Recipients: EU, USA
Data processed: IP Address, User Data, Website Visit Details
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework,
Further information:

On our website, the service Meta-Pixel of the social network Facebook is used for the analysis, optimization and economic operation of our online offer.

With the help of Meta-Pixel, it is possible for Meta, on the one hand, to determine the visitors to our website as a target group for the display of personalized ads. Accordingly, we use Meta-Pixel to display the ads placed by us only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "Custom Audiences"). With the help of Meta-Pixel, we also want to ensure that our Meta Ads correspond to the potential interest of users and do not have a harassing effect. With the help of Meta-Pixel, we can, on the other hand, track the effectiveness of Meta Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta Ad (so-called "conversion").

Your actions are stored in one or more cookies in the process. These cookies allow Meta to match your user data (such as IP address, user ID) with your Facebook account data. The collected data is anonymous and not visible to us and can only be used in the context of advertisements. You can prevent the linking with your Facebook account by logging out before you take any action. 

To set which types of ads are displayed to you within Facebook, you can visit the page set up by Meta and follow the instructions there for the settings of usage-based advertising:

The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices.

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website, as described under Art. 6 paragraph 1 lit. f of the GDPR.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques in accordance with Art. 6 paragraph 1 lit. f GDPR.

We also make use of suitable technical and organisational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.


Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria.
Purpose: Consent Management
Category: Technically Required
Recipient: EU, AT
Data processed: IP Address, Consent Data
Data subjects: Users
Technology: JavaScript call, Cookies, Swarmcrawler
Legal basis: Legitimate interest, consent (swarmcrawler to evaluate search results)
Further information:

On our website, we use the Webcare tool for consent management. Webcare records and stores the decision of each user of our website. Our Consent Banner ensures that statistical and marketing technologies such as cookies or external tools are only set or started if the user has expressly consented to their use.

We store information on the extent to which the user has confirmed the use of cookies. The user's decision can be revoked at any time by accessing the cookie setting and managing the declaration of consent. Existing cookies are deleted after revocation of consent. For the storage of information about the status of the consent of the user, a cookie is also set, which is referred to in the cookie details. Furthermore, the IP address of the respective user(s) is transmitted to DataReporter's servers when this service is called up. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service.

With the help of Webcare, our website is regularly checked for technologies relevant to data protection. This investigation is only carried out for those users who have expressly given their consent (for statistical or marketing purposes). The search results of the users are evaluated by Webcare in an anonymous form and only in relation to technologies and used for the fulfillment of our information obligations. To start the Swarmcrawler technology, a request is sent to our servers and the IP address of the user is transmitted for the purpose of data transfer. Servers are selected which are geographically close to the respective location of the user. It can be assumed that for users within the EU, a server with a location within the EU will also be selected. The IP address of the user is not stored and is removed immediately after the end of the communication.

Webshop with customer account

We process data of our customers in particular their master data, communication data, payment data, contract data in the context of the execution of order processes in our web shop. This is done for the purpose of selecting and ordering the selected products and / or services, as well as their payment and delivery or execution.

The purpose of the processing is the provision of contractual services within the framework of the operation of our web shop, the billing of deliveries and services, the delivery of products and the performance of services. 

The processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 paragraph 1 lit. b GDPR for the processing of orders and furthermore according to Art. 6 paragraph 1 lit. c GDPR for the fulfilment of legal storage obligations based on trade and tax regulations. The mandatory data for the fulfilment of the contract are specially marked as such when they are entered in our shop system or we will inform you of them personally. We transmit the data to third parties only for the provision of our services (e.g. to involved transport or other auxiliary services such as subcontractors or telecommunications services), for the processing of payment transactions (e.g. to banks, payment service providers, tax authorities or consultants) or within the scope of our legal rights and obligations, as well as within the scope of our legitimate interest in the appropriate legal prosecution in accordance with Art. 6 paragraph 1 lit. f GDPR vis-à-vis legal advisors, courts and authorities in the event of an incident. The data will only be processed in third countries if this is absolutely necessary for the fulfilment of the contract (e.g. at the customer's request on delivery or payment) and insofar as appropriate data protection guarantees are available. Any other transfer of data to third parties will only take place with your express consent in accordance with Art. 6 paragraph 1 lit a GDPR.

Users can create a user account, e.g. by viewing their orders. User accounts are not visible to the public. If users have terminated their user account, their data will be deleted with regard to the user account unless their retention is absolutely necessary for commercial or tax reasons in accordance with Art. 6 paragraph 1 lit. c GDPR or is necessary due to our legitimate interest in enforcing the law in accordance with Art. 6 paragraph 1 lit. f GDPR. It is the responsibility of the users to secure their data before the end of the contract in the event of termination.

Within the scope of registration and in the case of renewed registration and use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests pursuant to Art. 6 paragraph 1 lit. f GDPR, as well as in the legitimate interest of the users themselves for protection against misuse and against other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 paragraph 1 lit. c GDPR.

The data will be deleted after expiry of statutory warranty and compensation obligations or other contractual or statutory obligations. The deletion of the data takes place after the expiry of legal warranty and compensation obligations or other contractual or legal obligations. Our customers and contractual partners are informed separately in this data protection declaration about further processing of data within the scope of marketing activities. 


Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of Video Content, Collection of Statistical Data
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit Details, User Data
Data subjects: Users
Technology: JavaScript Call, Cookies, Device Fingerprinting, Local Storage
Legal basis: Consent, Data Privacy Framework,
Further information:

On our website, we use the YouTube service to embed videos.

We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.

As soon as you start a YouTube video, a connection to YouTube's servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behaviour directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses the local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts

General information on data protection

The following provisions in its principles apply not only to the data collection on our website, but also in general to other processing of personal data.

Personal data

Personal data is information that can be assigned to you individually. Examples include your address, your name as well as your postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data because it is not assigned to a person.

Legal basis for the processing of personal data

Unless more specific information is provided in this Privacy Policy (e.g. in the case of the technologies used), we may process personal data from you on the basis of the following legal principles:

Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our home country.

Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those listed in this Privacy Policy.

We will only transfer your personal data to third parties if:

Cooperation with processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.

Transfer to third countries

If we process data to a third country or if this is done in the context of using the services of third parties or disclosure or transfer of data to other persons or companies, this is only done on the legal basis described above for the transfer of data.

Subject to express consent or contractual necessity, we process or allow data to be processed only in third countries  in accordance with Art. 44 - 49 of the GDPR with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules.

Data transfer to the U.S.

We would like to explicitly point out that as of July 10, 2023, the EU Commission has issued an adequacy decision on the EU-US data protection framework (Data Privacy Framework) pursuant to Art. 45 paragraph 1 GDPR. Accordingly, organizations or companies (as data importers) in the US that are registered in a public list as part of the self-certification of the Data Privacy Framework provide an adequate level of protection for data transfers. Whether the specific provider of a service is already certified can be found here:

The Data Privacy Framework provides a valid legal basis for the transfer of personal data to the USA. This creates binding guarantees to comply with all ECJ requirements; for example, it provides that access by U.S. intelligence services to EU data is limited to a necessary and proportionate level and that a data protection review court is created to which individuals in the EU also have access.

If a transfer of data by us to the US takes place at all or if a service provider based in the US is used by us, we refer to this explicitly in this Privacy Policy (see in particular the description of the technologies used on our website).

It should be noted that aside from significant improvements, the Data Privacy Framework is only partial and only applies to data transfers to those data importers in the U.S. that appear on the public list of certified organizations/companies.

What can the transfer of personal data to the US mean for you as a user and what risks are involved?

Risks for you as a user as far as data importers in the USA are concerned, which are not covered by the Data Privacy Framework, are in any case the powers of the US secret services and the legal situation in the U.S., which currently, according to the European Court of Justice, no longer ensure an adequate level of data protection. Among others, these are the following:

Legally compliant transfer of data to the U.S. on the basis of the standard contractual clauses for data importers not covered by the Data Privacy Framework?

In June 2021, the European Commission adopted new Standard Contractual Clauses (SCC) in Decision 2021/914/EU. These create a new legal basis for data transfers where the level of data protection is not the same as in the EU.

Legally compliant transfer of data to the U.S. based on consent?

If a data transfer to a service provider based in the U.S. takes place that is not covered by the Data Privacy Framework and this data transfer is based on explicit consent, we provide explicit information about this in this privacy policy, in particular in the description of the technologies used on our website.

What measures do we take to ensure that data transfers to the U.S. are legally compliant?

Where US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and that access by US authorities is not possible.

Storage periods in general

If no explicit storage period is specified during the collection of data (e.g. in the context of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 paragraph 1 lit. e of the GDPR as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that legal storage obligations represent a legitimate purpose for the further processing of affected personal data.

Personal data will be stored and retained by us in principle until the termination of a business relationship or until the expiry of any applicable guarantee, warranty or limitation periods, in addition, until the end of any legal disputes in which the data is required as evidence, or in any event until the expiry of the third year following the last contact with a business partner.

Storage periods in particular

As part of the description of individual technologies on our website, there are specific references to the storage period of data. In our cookie table, you will be informed about the storage period of individual cookies. In addition, you always have the possibility to ask us directly about the specific storage period of data. To do so, please use the contact data listed in this Privacy Policy.

Rights of data subjects

Data subject have the right:

The responsible data protection authority for ASAP Stamps Ltd t/a Blade Rubber Stamps is:

The Information Commissioner’s Office
Water Lane, Wycliffe House, SK9 5AF Wilmslow - Cheshire, UK
Tel.: +44 1625 545 745,

Assertion of rights of data subjects

You yourself decide on the use of your personal data. Should you therefore wish to exercise one of your above-mentioned rights towards us, you are welcome to contact us by email at or by post, as well as by telephone.

Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a copy of your identification.

For questions regarding data protection, you can reach us at or at the other contact details stated in this Privacy Policy.

Sheffield, on  7. December 2023

Download as PDF